提交
c79b16e1
编写于
8月 25, 1999
作者:
Dr. Stephen Henson
Allow extensions to be added to certificate requests, update the sample
config file (change RAW to DER).
上级
43ca6c02
变更
5
Showing
5 changed file
with
78 addition
and
4 deletion
+78
-4
CHANGES
CHANGES
+6
-0
apps/openssl.cnf
apps/openssl.cnf
+14
-3
apps/req.c
apps/req.c
+32
-0
crypto/x509v3/v3_conf.c
crypto/x509v3/v3_conf.c
+25
-1
crypto/x509v3/x509v3.h
crypto/x509v3/x509v3.h
+1
-0
CHANGES
...
...
@@ -4,6 +4,12 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) Allow certificate extensions to be added to certificate requests. These
are specified in a 'req_extensions' option of the req section of the
config file. They can be printed out with the -text option to req but
are otherwise ignored at present.
[Steve Henson]
*) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first data
read consists of only the final block it would not decrypted because
EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
...
...
apps/openssl.cnf
...
...
@@ -86,6 +86,8 @@ distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
...
...
@@ -170,8 +172,16 @@ authorityKeyIdentifier=keyid,issuer:always
#nsCaPolicyUrl
#nsSslServerName
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
...
...
@@ -200,10 +210,11 @@ basicConstraints = CA:true
# Copy issuer details
# issuerAltName=issuer:copy
# RAW DER hex encoding of an extension: beware experts only!
# 1.2.3.5=RAW:02:03
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical,
RAW
:30:03:01:01:FF
# basicConstraints= critical,
DER
:30:03:01:01:FF
[ crl_ext ]
...
...
apps/req.c
...
...
@@ -82,6 +82,7 @@
#define DISTINGUISHED_NAME "distinguished_name"
#define ATTRIBUTES "attributes"
#define V3_EXTENSIONS "x509_extensions"
#define REQ_EXTENSIONS "req_extensions"
#define DEFAULT_KEY_LENGTH 512
#define MIN_KEY_LENGTH 384
...
...
@@ -142,6 +143,7 @@ int MAIN(int argc, char **argv)
int
nodes
=
0
,
kludge
=
0
;
char
*
infile
,
*
outfile
,
*
prog
,
*
keyfile
=
NULL
,
*
template
=
NULL
,
*
keyout
=
NULL
;
char
*
extensions
=
NULL
;
char
*
req_exts
=
NULL
;
EVP_CIPHER
*
cipher
=
NULL
;
int
modulus
=
0
;
char
*
p
;
...
...
@@ -438,6 +440,20 @@ bad:
}
}
req_exts
=
CONF_get_string
(
req_conf
,
SECTION
,
REQ_EXTENSIONS
);
if
(
req_exts
)
{
/* Check syntax of file */
X509V3_CTX
ctx
;
X509V3_set_ctx_test
(
&
ctx
);
X509V3_set_conf_lhash
(
&
ctx
,
req_conf
);
if
(
!
X509V3_EXT_add_conf
(
req_conf
,
&
ctx
,
req_exts
,
NULL
))
{
BIO_printf
(
bio_err
,
"Error Loading request extension section %s
\n
"
,
req_exts
);
goto
end
;
}
}
in
=
BIO_new
(
BIO_s_file
());
out
=
BIO_new
(
BIO_s_file
());
if
((
in
==
NULL
)
||
(
out
==
NULL
))
...
...
@@ -677,6 +693,22 @@ loop:
}
else
{
X509V3_CTX
ext_ctx
;
/* Set up V3 context struct */
X509V3_set_ctx
(
&
ext_ctx
,
NULL
,
NULL
,
req
,
NULL
,
0
);
X509V3_set_conf_lhash
(
&
ext_ctx
,
req_conf
);
/* Add extensions */
if
(
req_exts
&&
!
X509V3_EXT_REQ_add_conf
(
req_conf
,
&
ext_ctx
,
req_exts
,
req
))
{
BIO_printf
(
bio_err
,
"Error Loading extension section %s
\n
"
,
req_exts
);
goto
end
;
}
if
(
!
(
i
=
X509_REQ_sign
(
req
,
pkey
,
digest
)))
goto
end
;
}
...
...
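Review bot: The early syntax check in the `@@ -438` hunk runs under `X509V3_set_ctx_test`, while the real call in the `@@ -677` hunk uses `X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0)`, so an extension value that needs an issuer or subject certificate can presumably pass the check and only fail just before signing. I would add a comment above that `X509V3_set_ctx` call, such as `/* No issuer/subject cert for a request: values that copy from them fail here, not at the syntax check */`. The second message, `"Error Loading extension section %s\n"`, does not say it concerns the request section, unlike the first one; `"Error adding request extensions from section %s\n"` would tell the two failure points apart. Both hunks sit inside MAIN, whose body starts and ends outside the visible lines.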
crypto/x509v3/v3_conf.c
...
...
@@ -220,7 +220,7 @@ static int v3_check_generic(char **value)
return
1
;
}
/* Create a generic extension: for now just handle
RAW
type */
/* Create a generic extension: for now just handle
DER
type */
static
X509_EXTENSION
*
v3_generic_extension
(
const
char
*
ext
,
char
*
value
,
int
crit
,
int
type
)
{
...
...
@@ -302,6 +302,30 @@ int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
return
1
;
}
/* Add extensions to certificate request */
int
X509V3_EXT_REQ_add_conf
(
LHASH
*
conf
,
X509V3_CTX
*
ctx
,
char
*
section
,
X509_REQ
*
req
)
{
X509_EXTENSION
*
ext
;
STACK_OF
(
X509_EXTENSION
)
*
extlist
=
NULL
;
STACK_OF
(
CONF_VALUE
)
*
nval
;
CONF_VALUE
*
val
;
int
i
;
if
(
!
(
nval
=
CONF_get_section
(
conf
,
section
)))
return
0
;
for
(
i
=
0
;
i
<
sk_CONF_VALUE_num
(
nval
);
i
++
)
{
val
=
sk_CONF_VALUE_value
(
nval
,
i
);
if
(
!
(
ext
=
X509V3_EXT_conf
(
conf
,
ctx
,
val
->
name
,
val
->
value
)))
return
0
;
if
(
!
extlist
)
extlist
=
sk_X509_EXTENSION_new_null
();
sk_X509_EXTENSION_push
(
extlist
,
ext
);
}
if
(
req
)
i
=
X509_REQ_add_extensions
(
req
,
extlist
);
else
i
=
1
;
sk_X509_EXTENSION_pop_free
(
extlist
,
X509_EXTENSION_free
);
return
i
;
}
/* Config database functions */
char
*
X509V3_get_string
(
X509V3_CTX
*
ctx
,
char
*
name
,
char
*
section
)
...
...
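Review bot: In the new `X509V3_EXT_REQ_add_conf`, the `return 0` taken when `X509V3_EXT_conf` fails inside the loop leaves `extlist` and every extension already pushed onto it unfreed, so a section whose later entry is malformed leaks the earlier ones. The results of `sk_X509_EXTENSION_new_null()` and `sk_X509_EXTENSION_push()` are not checked either, so an allocation failure is neither reported nor cleaned up. I would route all three failures through one cleanup label that calls the same `sk_X509_EXTENSION_pop_free` the success path already uses. A one-line comment on the function stating that a NULL `req` means "parse the section, add nothing" would document the `else i = 1` branch.

```c
	for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		val = sk_CONF_VALUE_value(nval, i);
		if (!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value)))
			goto err;
		if (!extlist && !(extlist = sk_X509_EXTENSION_new_null())) {
			X509_EXTENSION_free(ext);
			goto err;
		}
		if (!sk_X509_EXTENSION_push(extlist, ext)) {
			X509_EXTENSION_free(ext);
			goto err;
		}
	}
	/* … unchanged: X509_REQ_add_extensions call, pop_free, return i … */
err:
	/* Free whatever was collected before the failure */
	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
	return 0;
```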
crypto/x509v3/x509v3.h
...
...
@@ -386,6 +386,7 @@ void X509V3_conf_free(CONF_VALUE *val);
X509_EXTENSION
*
X509V3_EXT_conf_nid
(
LHASH
*
conf
,
X509V3_CTX
*
ctx
,
int
ext_nid
,
char
*
value
);
X509_EXTENSION
*
X509V3_EXT_conf
(
LHASH
*
conf
,
X509V3_CTX
*
ctx
,
char
*
name
,
char
*
value
);
int
X509V3_EXT_add_conf
(
LHASH
*
conf
,
X509V3_CTX
*
ctx
,
char
*
section
,
X509
*
cert
);
int
X509V3_EXT_REQ_add_conf
(
LHASH
*
conf
,
X509V3_CTX
*
ctx
,
char
*
section
,
X509_REQ
*
req
);
int
X509V3_EXT_CRL_add_conf
(
LHASH
*
conf
,
X509V3_CTX
*
ctx
,
char
*
section
,
X509_CRL
*
crl
);
int
X509V3_add_value_bool_nf
(
char
*
name
,
int
asn1_bool
,
STACK_OF
(
CONF_VALUE
)
**
extlist
);
...
...